UbuntuUpdates.org

Package "libmpg123-0"

Name: libmpg123-0

Description:

MPEG layer 1/2/3 audio decoder (shared library)

Latest version: 1.25.13-1ubuntu0.2
Release: focal (20.04)
Level: security
Repository: main
Head package: mpg123
Homepage: http://mpg123.org/

Links


Download "libmpg123-0"


Other versions of "libmpg123-0" in Focal

Repository Area Version
base main 1.25.13-1
updates main 1.25.13-1ubuntu0.2

Changelog

Version: 1.25.13-1ubuntu0.2 2024-11-27 16:06:52 UTC

  mpg123 (1.25.13-1ubuntu0.2) focal-security; urgency=medium

  * SECURITY UPDATE: incomplete fix for OOB write (LP: #2089680)
    - debian/patches/CVE-2024-10573-2.patch: safeguard against attempts to
      decode if decoder setup failed and user ignored the returned error
      code in src/libmpg123/format.c, src/libmpg123/frame.h,
      src/libmpg123/libmpg123.c, src/mpg123.c.
    - CVE-2024-10573

 -- Marc Deslauriers <email address hidden> Tue, 26 Nov 2024 10:23:12 -0500

Source diff to previous version
2089680 Insufficient fix for CVE-2024-10573
CVE-2024-10573 An out-of-bounds write flaw was found in mpg123 when handling crafted streams. When decoding PCM, the libmpg123 may write past the end of a heap-loca

Version: 1.25.13-1ubuntu0.1 2024-11-06 19:07:01 UTC

  mpg123 (1.25.13-1ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: OOB write during PCM decoding
    - debian/patches/CVE-2024-10573.patch: don't prepare for actual frame
      data when there is none and separate header data into a struct,
      ensure late updating in frame in src/libmpg123/frame.c,
      src/libmpg123/frame.h, src/libmpg123/layer1.c,
      src/libmpg123/layer2.c, src/libmpg123/layer3.c,
      src/libmpg123/libmpg123.c, src/libmpg123/parse.c,
      src/libmpg123/getbits.h.
    - CVE-2024-10573

 -- Marc Deslauriers <email address hidden> Mon, 04 Nov 2024 13:49:25 -0500

CVE-2024-10573 An out-of-bounds write flaw was found in mpg123 when handling crafted streams. When decoding PCM, the libmpg123 may write past the end of a heap-loca



About   -   Send Feedback to @ubuntu_updates